Bundler
Monthly
`Bundler` is a package for managing application dependencies in Ruby. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
`Bundler` is a package for managing application dependencies in Ruby. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.